A threat intelligence analyst is updating a document according to the MITRE ATT&CK framework. The analyst detects the following behavior from a malicious actor: 'The malicious actor will attempt to achieve unauthorized access to the vulnerable system.' In which of the following phases should the analyst include the detection?

Procedures in the MITRE ATT&CK framework refer to specific step-by-step instructions or processes followed by threat actors to accomplish their objectives. The behavior of attempting unauthorized access is more aligned with the strategic level of Tactics rather than the detailed operational level covered by Procedures.

Techniques in the MITRE ATT&CK framework are more detailed than Tactics and represent specific methods or means used by adversaries to execute their objectives. While attempting unauthorized access is an action taken by the malicious actor, it fits better within the broader strategic context of Tactics rather than the specific operational level of Techniques.

Subtechniques are the most granular level of detail in the MITRE ATT&CK framework, describing specific variations or implementations of techniques. Since the behavior described is at a higher level of abstraction related to the adversary's goal, it does not delve into the specific variations or subcategories covered by Subtechniques.